Algorithms, cryptography and protocols: DON’T EVER ROLL YOUR OWN



slide-1
SLIDE 1


Algorithms, cryptography and protocols

DON’T EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO IMPLEMENTATION, OR CRYPTO RNG

ALSO, KEY MANAGEMENT IS VERY VERY HARD

1

slide-2
SLIDE 2

Who?

Kate Pearce - Head of Security at Trade Me (@secvalve)

I work to ensure that the data Trade Me holds for our customers, and the services it provides them, are trusted, trustworthy, and trusty (resilient).

Trade Me

Trade Me and its systems are incredibly prevalent in New Zealand:

  • Marketplace (Auctions, listing goods new & secondhand)
  • Motors (New and used car listings)
  • Property (Rental, Purchase, & Commercial)
  • Jobs (Job Listings)
  • Payments (Credit Card Processor)
  • Holiday Houses
  • Dating

Trade Me has unparalleled Brand Presence in New Zealand, and the vast majority of New Zealand’s adult population in our systems.

Multiple millions of accounts in a country of 4.8 Million (~around 1M under age 18)

> 2 Million Daily interactions

@Secvalve -- 2

slide-3
SLIDE 3

CCSA, https://m.flikr.com/#/photos/4nitsirk

3

slide-4
SLIDE 4


  • 1. Principles & Goals
  • 2. Building Blocks
  • 3. Protocols

Security.ac.nz -- @secvalve - -4

slide-5
SLIDE 5

tldr;

  • DO Use Public Algorithms
  • DO NOT Roll-your-own Algo/Function
  • CONCENTRATE ON Key Distribution
  • DO Use Public Protocols
  • DO NOT Roll-your-own Protocol
  • CONCENTRATE ON Key Management
  • DO Use Secure PRNG for Keys
  • DO NOT Roll-your-own PRNG OR Use a non-secure PRNG
  • DO Use a Secure Implementation
  • DO NOT Implement your own
  • DO Use Recommended Cipher Suites
  • DO NOT Use Bad, Weak, or Null Suites
  • DO Use Slow Algorithms and Salt Secret Hashes
  • DO NOT Hash Secrets with simple or fast hashes

Security.ac.nz -- @secvalve - -5

slide-6
SLIDE 6
This Presentation

  • Is aiming at the key things people make mistakes with
  • Is not going deep into details
    ○ Will not tell you which tech or configuration to use
  • May have errors because cryptography is hard to do well

Security.ac.nz -- @secvalve - -6

slide-7
SLIDE 7

Principles & Goals

Security.ac.nz -- @secvalve - -7

slide-8
SLIDE 8


Protocols - 3 way handshake

Security.ac.nz -- @secvalve - -8

slide-9
SLIDE 9

Principles - 3 Way handshake

Security.ac.nz -- @secvalve - -9

Hello, shall we talk? Yep! ….*starts talking* Sure, still good to talk? *talking intensifies*

slide-10
SLIDE 10

Principles - 3 Way handshake

Security.ac.nz -- @secvalve - -10

SYN ACK SYN ACK ACK ACK ACK ACK ACK ACK

slide-11
SLIDE 11


Cryptography

Security.ac.nz -- @secvalve - -11

slide-12
SLIDE 12

Principles

Cryptography

Security.ac.nz -- @secvalve - -12

slide-13
SLIDE 13

Principles

Cryptography

Security.ac.nz -- @secvalve - -13

slide-14
SLIDE 14

Principles

Secret

Cryptography

Writing

Security.ac.nz -- @secvalve - -14

slide-15
SLIDE 15

Principles

  • Cryptography is Control
  • Cryptography is Economics
  • Cryptography is Openness

Kerckhoffs's Principle

  • “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”

Shannon’s Maxim

  • “The enemy knows the system”

Security.ac.nz -- @secvalve - -15

slide-16
SLIDE 16

Cryptography Goals

  • Confidentiality - Privacy
  • Authenticity - Sender
  • Integrity - Message

Security.ac.nz -- @secvalve - -16

slide-17
SLIDE 17

Primitives, and Building Blocks

Security.ac.nz -- @secvalve - -17

slide-18
SLIDE 18

Some Key Primitives (and components)

  • Keys
  • Symmetric Keys
  • Pseudo Random Number Generator (PRNG)
  • XOR
  • S-BOX
  • Trapdoor (one-way) Function
  • Public and Private Keys
  • Hashes
  • Message Integrity Codes

Not going over all this in detail

Security.ac.nz -- @secvalve - -18

slide-19
SLIDE 19


Symmetric Encryption

Security.ac.nz -- @secvalve - -19

slide-20
SLIDE 20

Symmetric Cryptography

Encryption: (Plaintext) ABCDEF -> Cipher + Key -> (Ciphertext) W8$fd3

ROT(X) applied to ABCDEF:

  • X = 1: BCDEFG
  • X = 13: NOPQRS
  • X = 17: RSTUVW

Security.ac.nz -- @secvalve - -20

slide-21
SLIDE 21

Symmetric Cryptography

Decryption: (Ciphertext) W8$fd3 -> Cipher + Key -> (Plaintext) ABCDEF

ROT(X), with ABCDEF as the plaintext:

  • X = 1: BCDEFG
  • X = 13: NOPQRS
  • X = 17: RSTUVW

Security.ac.nz -- @secvalve - -21

slide-22
SLIDE 22

Symmetric Cryptography

Encryption: (Plaintext) ABCDEF -> Cipher + Key -> (Ciphertext) W8$fd3

Decryption: (Ciphertext) W8$fd3 -> Cipher + Key -> (Plaintext) ABCDEF

Security.ac.nz -- @secvalve - -22

slide-23
SLIDE 23


Hashing and Trapdoor Functions

Security.ac.nz -- @secvalve - -23

slide-24
SLIDE 24

Hashing and Trapdoor Functions

Is this the same?

Security.ac.nz -- @secvalve - -24

slide-25
SLIDE 25

Hashing and Trapdoor Functions

They had a red shirt

Security.ac.nz -- @secvalve - -25

slide-26
SLIDE 26

Hashing and Trapdoor Functions

The number has a remainder of 1 when divided by 2

Security.ac.nz -- @secvalve - -26

slide-27
SLIDE 27

Hashing and Trapdoor Functions

The number has a remainder of 5 when divided by 15

Security.ac.nz -- @secvalve - -27

slide-28
SLIDE 28

Hashing and Trapdoor Functions

The number has a remainder of 11 when divided by 73

Security.ac.nz -- @secvalve - -28

slide-29
SLIDE 29

Hashing and Trapdoor Functions

They had a red shirt And green gumboots And a lot of hair And mittens And were a cat

Security.ac.nz -- @secvalve - -29

slide-30
SLIDE 30

Hashing and Trapdoor Functions

Hashing: (Plaintext) ABCDEF -> Hash -> (Hash) SA#2KH gfh@f*2

Security.ac.nz -- @secvalve - -30

slide-31
SLIDE 31

Hashing and Trapdoor Functions

Hashing cannot go the other way, as information is lost

Red Shirt?

Security.ac.nz -- @secvalve - -31

slide-32
SLIDE 32

Hashing and Trapdoor Functions

Hashing cannot go the other way, as information is lost

But it may tell you enough to be confident something is the same as the hashed thing

Security.ac.nz -- @secvalve - -32

slide-33
SLIDE 33

Hashing and Trapdoor Functions

Hashing can be used to verify authenticity

  • Message A: X
  • Message B: Hash(Msg A + Msg B)
  • Message C: Hash(Msg B + Msg C)
  • Message D: Hash(Msg C + Msg D)
  • Message E: Hash(Msg D + Msg E)

A Message must have come after those it signs

A past message cannot be altered without breaking the later hashes

Security.ac.nz -- @secvalve - -33
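
The hash chain from slide 33, as an added example that is not code from the talk. It assumes SHA-256 and that each link covers the previous entry (message plus its own link) together with the new message; the function names and sample messages are constructed for illustration.

```python
import hashlib

def link_hash(prev_entry: bytes, message: bytes) -> str:
    """Hash(previous entry + this message). SHA-256 is this example's choice."""
    h = hashlib.sha256()
    for part in (prev_entry, message):
        # Length-prefix each part so ("ab", "c") and ("a", "bc") hash differently.
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.hexdigest()

def entry_bytes(message: bytes, link) -> bytes:
    """A chain entry is the message plus the link it carries (none for the first)."""
    return message + (link or "").encode()

def build_chain(messages):
    """Return [(message, link)]; the first link is None (the slide's 'X')."""
    chain, prev = [], b""
    for i, msg in enumerate(messages):
        link = None if i == 0 else link_hash(prev, msg)
        chain.append((msg, link))
        prev = entry_bytes(msg, link)
    return chain

def first_broken_link(chain):
    """Index of the first entry whose link fails to verify, or None if intact."""
    prev = b""
    for i, (msg, link) in enumerate(chain):
        if i > 0 and link != link_hash(prev, msg):
            return i
        prev = entry_bytes(msg, link)
    return None

# Constructed sample messages, named after the slide's diagram.
MESSAGES = [b"Message A", b"Message B", b"Message C", b"Message D", b"Message E"]

def demo():
    chain = build_chain(MESSAGES)
    # Case 1: a past message is altered and nothing else is touched.
    edited = list(chain)
    edited[0] = (b"Message a", chain[0][1])
    # Case 2: Message C is altered AND its own link is recomputed to match.
    relinked = list(chain)
    forged = link_hash(entry_bytes(*chain[1]), b"Message c")
    relinked[2] = (b"Message c", forged)
    return first_broken_link(chain), first_broken_link(edited), first_broken_link(relinked)

if __name__ == "__main__":
    print(demo())
```

Recomputing one link only moves the break to the next entry; the check holds only while the latest link is kept somewhere the editor cannot rewrite.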

slide-34
SLIDE 34


Asymmetric Encryption

Security.ac.nz -- @secvalve - -34

slide-35
SLIDE 35

We can gain security from operations that are vastly more difficult to reverse without some useful information

Asymmetric Encryption?

Security.ac.nz -- @secvalve - -35

slide-36
SLIDE 36

We can gain security from operations that are vastly more difficult to reverse without some useful information

Asymmetric Encryption?

Security.ac.nz -- @secvalve - -36

slide-37
SLIDE 37

We can gain security from operations that are vastly more difficult to reverse without some useful information

Go through the hidden trapdoor activated by the statue’s eye

Or, in mathematics: factoring numbers

Asymmetric Encryption?

Security.ac.nz -- @secvalve - -37

slide-38
SLIDE 38

How do we protect our communications if we’ve never met?

How do we share a key without observers being able to use it?

With Public-Key Cryptography

Asymmetric Encryption?

Security.ac.nz -- @secvalve - -38

slide-39
SLIDE 39

Asymmetric Cryptography

PRIVATE NEVER SHARED EVER PRIVATE NEEDS TO BE SHARED Shared PUBLICLY NEEDS TO BE SHARED PRIVATE KEY PUBLIC KEY

Security.ac.nz -- @secvalve - -39

slide-40
SLIDE 40

Asymmetric Cryptography

ABC DEF

RSA(k)

$(*2e4d

K = PRIVATE KEY RSA(k) K = PUBLIC KEY

ABC DEF

Security.ac.nz -- @secvalve - -40

slide-41
SLIDE 41

Asymmetric Cryptography

ABC DEF

RSA(k)

$(*2e4d

K = PRIVATE KEY RSA(k) K = PUBLIC KEY

ABC DEF

Security.ac.nz -- @secvalve - -41

slide-42
SLIDE 42

SO WHAT? We now know:

  • If something is encrypted with a Public Key it can only be read with the corresponding private key
  • If something decrypts with a Public Key it was encrypted with the corresponding private key

Now each party has a way to communicate to the other party secretly.

Asymmetric Cryptography

Security.ac.nz -- @secvalve - -42

slide-43
SLIDE 43

Now each party has a way to communicate to the other party secretly.

Example: (NOT HOW Diffie-Hellman Key Exchange WORKS)

1. BOTH Publicly: Let’s use a common word “peregrine”
2. Alice sends a message [encrypted with Bob’s public Key] to use the secret word “Opossum”
   a. Only Bob can read this
3. Bob sends Alice a message [encrypted with his private key and then her public key] to use the secret word “WeaselSquawk”
   a. Only Bob can have sent this, Only Alice can read it

They now have a key to use for symmetric encryption: peregrineOpossumWeaselSquawk

Exercise: Find the vulnerability in this method (Hint: how does Bob Auth Alice?)

Asymmetric Cryptography

Security.ac.nz -- @secvalve - -43

slide-44
SLIDE 44

Why not use Public-private cryptography all the time?

It is thousands of times more computationally intensive

(And key reuse should be avoided)

Asymmetric Cryptography

Security.ac.nz -- @secvalve - -44

slide-45
SLIDE 45


Signing and Message Integrity Codes

Security.ac.nz -- @secvalve - -45

slide-46
SLIDE 46

We also now have a way to validate the authenticity of something!

If I send you a hash result that has been put through my private key (signed) then you can compare the value I sent with the value you get checking yourself!

If they’re the same then you know it came from me.

Asymmetric Cryptography

Security.ac.nz -- @secvalve - -46

slide-47
SLIDE 47


Public Key Infrastructure

Security.ac.nz -- @secvalve - -47

slide-48
SLIDE 48

How do we know the public key is the right one? We could share it in advance … BUT THAT’S THE SAME PROBLEM AS BEFORE!

Public Key Infrastructure

Security.ac.nz -- @secvalve - -48

slide-49
SLIDE 49

How do we know the public key is the right one? With Public-Key Infrastructure

Public Key Infrastructure

Security.ac.nz -- @secvalve - -49

slide-50
SLIDE 50

How do we know the public key is the right one? With Public-Key Infrastructure (We have common friends)

Public Key Infrastructure

Security.ac.nz -- @secvalve - -50

slide-51
SLIDE 51

How do we know the public key is the right one? With Public-Key Infrastructure (We have common friends) (Who have common friends)

Public Key Infrastructure

Security.ac.nz -- @secvalve - -51

slide-52
SLIDE 52

I attest Alice’s Key Signed Elizabeth

Public Key Infrastructure

Elizabeth Has Signed the Certificate

Alice Asks Elizabeth to Verify Her Public Key Becky Already Trusts Elizabeth and Her Public Key (It was in her web browser)

Security.ac.nz -- @secvalve - -52

slide-53
SLIDE 53


Self-Signing

Security.ac.nz -- @secvalve - -53

slide-54
SLIDE 54

I attest Alice’s Key Signed Alice

Cryptography Gotchas

Self-signed certificates break the whole system as you can’t tell if someone is in the middle

Security.ac.nz -- @secvalve - -54

slide-55
SLIDE 55

Alice’s Key Signed Alice

Cryptography Gotchas

Self-signed certificates break the whole system as you can’t tell if someone is in the middle

Alice’s Key Signed “Alice”

Security.ac.nz -- @secvalve - -55

slide-56
SLIDE 56


Computers and Randomness

Security.ac.nz -- @secvalve - -56

slide-57
SLIDE 57

Computers and Randomness

It doesn’t matter how good your encryption algorithm is if your key is easily guessed ...but...

Security.ac.nz -- @secvalve - -57

slide-58
SLIDE 58

Computers and Randomness

Computers:

  • Are terrible at randomness
  • Do exactly what they are told

Given the same input, they do the same thing every. single. time.

So… how do we get a good key?

Security.ac.nz -- @secvalve - -58

slide-59
SLIDE 59

Computers and Randomness

So… how do we get a good key?

With a Random Number Generator (RNG)?

  • No - Computers don’t [usually] have those

Security.ac.nz -- @secvalve - -59

slide-60
SLIDE 60

Computers and Randomness

So… how do we get a good key?

With a Pseudo Random Number Generator (PRNG)?

  • Maybe, but probably not

Security.ac.nz -- @secvalve - -60

slide-61
SLIDE 61

Computers and Randomness

So… how do we get a good key?

With a Cryptographically Secure Pseudo Random Number Generator (CSPRNG/CPRNG)?

YES! You get a biscuit:

Security.ac.nz -- @secvalve - -61

slide-62
SLIDE 62

Computers and Randomness

Don’t use a normal random generator for cryptography. Ever.

(Also, don’t use the wrong Datatype for a key. Ever)

STORY TIME!

Security.ac.nz -- @secvalve - -62
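
Why a normal random generator is the wrong source for a key, as an added example that is not from the talk. It uses Python's `random` (a general-purpose PRNG) and `secrets` (the OS CSPRNG); the scenario of a key seeded from the clock, the timestamp and the ten-minute window are constructed assumptions.

```python
import random
import secrets

def weak_key(seed: int) -> bytes:
    """ANTI-PATTERN: a 256-bit 'key' drawn from a seeded general-purpose PRNG."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")

def strong_key() -> bytes:
    """A 256-bit key from the operating system's CSPRNG, as raw bytes."""
    return secrets.token_bytes(32)

def seed_for_key(key: bytes, earliest: int, latest: int):
    """Walk every seed in a known window; the key is only as strong as this loop is long."""
    for seed in range(earliest, latest + 1):
        if weak_key(seed) == key:
            return seed
    return None

# Constructed scenario: the key was seeded with the Unix time at which it was made,
# and all that is known is that this happened within a ten-minute window.
CREATED_AT = 1_700_000_123
WINDOW = (1_700_000_000, 1_700_000_599)

def demo():
    key = weak_key(CREATED_AT)
    return {
        # Same input, same output: the PRNG does exactly what it is told.
        "same_seed_same_key": weak_key(CREATED_AT) == key,
        # 256 bits of output, but only as many possible keys as possible seeds.
        "candidates": WINDOW[1] - WINDOW[0] + 1,
        "seed_found": seed_for_key(key, *WINDOW),
        "csprng_keys_differ": strong_key() != strong_key(),
    }

if __name__ == "__main__":
    print(demo())
```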

slide-63
SLIDE 63

STORY TIME!

Blockchain Bandit and How to lose millions of dollars of crypto coins

https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/

Security.ac.nz -- @secvalve - -63

slide-64
SLIDE 64

Computers and Randomness

This brings us to another point. Hashing does not provide privacy if the input values can be predicted.

Security.ac.nz -- @secvalve - -64

slide-65
SLIDE 65

Computers and Randomness

Hashing does not provide privacy or security if the input values can be predicted, or if values can be tested rapidly.

  • Hashes can be tested at speeds of millions to billions of values per second
  • Some things come in only a limited number of values.

Security.ac.nz -- @secvalve - -65

slide-66
SLIDE 66

Computers and Randomness

Never ever simply hash secrets, or things with predictable values, for “security” or privacy reasons:

  • Names
  • Usernames
  • User ID’s
  • Passwords
  • Credit Card Numbers
  • Email Addresses
  • Phone Numbers
  • IP/Mac Addresses

Security.ac.nz -- @secvalve - -66
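
Why simply hashing a predictable value gives no privacy, as an added example that is not from the talk. The 5-digit member number format and every value in it are constructed; SHA-256 stands in for any fast hash.

```python
import hashlib
import os

def fast_hash(value: str, salt: bytes = b"") -> str:
    """'Simply hashing' an identifier: one pass of SHA-256, optionally salted."""
    return hashlib.sha256(salt + value.encode()).hexdigest()

# Constructed data: a made-up 5-digit member number, so only 100,000 possible values.
ALL_VALUES = [f"{n:05d}" for n in range(100_000)]
SECRET_VALUES = ["00042", "31337", "99999"]

def reverse_unsalted(stored_hashes, candidates):
    """Hash every possible value once; that table reverses every stored hash."""
    table = {fast_hash(v): v for v in candidates}
    return [table.get(h) for h in stored_hashes]

def reverse_salted(records, candidates):
    """A salt stored beside the hash defeats the shared table, but each record is
    still at most len(candidates) fast hashes away from its original value."""
    found = []
    for salt, digest in records:
        match = next((v for v in candidates if fast_hash(v, salt) == digest), None)
        found.append(match)
    return found

def demo():
    unsalted = [fast_hash(v) for v in SECRET_VALUES]
    salted = []
    for v in SECRET_VALUES:
        salt = os.urandom(16)
        salted.append((salt, fast_hash(v, salt)))
    return reverse_unsalted(unsalted, ALL_VALUES), reverse_salted(salted, ALL_VALUES)

if __name__ == "__main__":
    print(demo())
```

Both columns come back as the original values in well under a second on a laptop, which is the slide's point about limited value spaces and fast hashes.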

slide-67
SLIDE 67

Computers and Randomness

But, I haven’t discussed how to store important secrets yet, have I?

Security.ac.nz -- @secvalve - -67

slide-68
SLIDE 68


Secret Storage!

Security.ac.nz -- @secvalve - -68

slide-69
SLIDE 69

Secret Storage

Here’s the thing about user passwords. You do NOT need to store them

  • NEVER EVER store raw or encoded passwords
  • Never Reversibly Encrypt Passwords

You only need to know if a given password is correct

Security.ac.nz -- @secvalve - -69

slide-70
SLIDE 70

Secret Storage

You only need to know if a given password is correct So, we use hashes!

Security.ac.nz -- @secvalve - -70

slide-71
SLIDE 71

Secret Storage

BAD PASSWORD Hashing: (Text) NOYOUARE -> Hash -> (Password Hash) 11e263bb7f4 95e17912de7 85da8829fa

By storing the hash we do not know user’s password, and cannot leak it

But, DON’T USE A NORMAL HASH For PASSWORDS. See next slide

Security.ac.nz -- @secvalve - -71

slide-72
SLIDE 72

Secret Storage

But, DON’T USE A NORMAL HASH For PASSWORDS. Presume attackers will compromise them, and:

  • DO NOT Truncate, or change the case of, passwords before hashing
  • Use a SLOW & computationally intensive hash
    ○ (Argon2, PBKDF2, Scrypt - or bcrypt if you have to)
    ○ NEVER USE MD5, SHA-X, or FOR PASSWORDS
  • Use a complex, user-specific, SALT in your calculated hash value

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md

Security.ac.nz -- @secvalve - -72
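
The three rules on slide 72 in one place, as an added example that is not from the talk. It uses PBKDF2-HMAC-SHA256 from Python's standard library (one of the slow hashes the slide lists); the iteration count, the record format and the sample passwords are assumptions of this example, so check the linked OWASP cheat sheet for current parameters.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumption: tune against current guidance and your hardware

def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # The password is used exactly as typed: no truncation, no case folding.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def hash_password(password: str) -> str:
    """Return the record to store; the password itself is never stored."""
    salt = secrets.token_bytes(16)            # user-specific salt from the CSPRNG
    digest = _derive(password, salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Answer only 'is this password correct?', which is all a login needs."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))   # constant-time

def demo():
    pw = "correct horse battery staple"       # constructed sample password
    first, second = hash_password(pw), hash_password(pw)
    long_record = hash_password("x" * 100)
    return {
        "right_password": verify_password(pw, first),
        # Changing case must fail, because nothing was normalised before hashing.
        "case_changed": verify_password("Correct horse battery staple", first),
        # Per-user salts: the same password never produces the same record twice.
        "same_password_same_record": first == second,
        # A difference in the 100th character must matter: nothing was truncated.
        "tail_changed": verify_password("x" * 99 + "y", long_record),
    }

if __name__ == "__main__":
    print(demo())
```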

slide-73
SLIDE 73

Protocols

Security.ac.nz -- @secvalve - -73

slide-74
SLIDE 74

Protocols

I haven’t actually mentioned a lot of protocols, have I?

Security.ac.nz -- @secvalve - -74

slide-75
SLIDE 75

Protocols

Here’s a few protocols you may want basics on:

  • ARP / DHCP
  • 802.11
  • TCP/IP
  • FTP
  • UDP
  • ICMP
  • SMTP
  • HTTP / HTTP2 / HTTP3|QUIC
  • DNS
  • SSL/TLS

But, no time for that today!

Security.ac.nz -- @secvalve - -75

slide-76
SLIDE 76

Protocols

Because here’s the thing...

Security.ac.nz -- @secvalve - -76

slide-77
SLIDE 77

Protocols

These building blocks in various combinations are what make the algorithms:

  • SSH -> Public/Private Authentication (without Certificates to verify)
  • HTTPS -> HTTP Protected with SSL/TLS (Which is the certificate-based encryption)
  • Bitcoin & Crypto Currencies -> Hash Chains (and a bit more stuff)

Security.ac.nz -- @secvalve - -77

slide-78
SLIDE 78

Conclusion

Security.ac.nz -- @secvalve - -78

slide-79
SLIDE 79

Principles

  • Cryptography is Control
  • Cryptography is Economics
  • Cryptography is Openness

Kerckhoffs's Principle

  • “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”

Shannon’s Maxim

  • “The enemy knows the system”

Security.ac.nz -- @secvalve - -79

slide-80
SLIDE 80

Protocols

Some things I didn’t cover but wanted to:

  • Digital Rights Management
  • Web Of Trust
  • Ransomware
  • Steganography
  • Forward Secrecy
  • Quantum Computing
  • Specific Protocol Recommendations
  • Cryptanalysis and Cryptographic Attacks
    ○ Ciphertext-only
    ○ Known Plaintext
    ○ Chosen plaintext
    ○ Chosen ciphertext
  • Implementation and Key Attacks
    ○ Birthday Attacks
    ○ Key and Plaintext Guessing Attacks
    ○ Side Channel Attacks
    ○ Rainbow Tables

Security.ac.nz -- @secvalve - -80

slide-81
SLIDE 81

tldr;

  • DO Use Public Algorithms
  • DO NOT Roll-your-own Algo/Function
  • CONCENTRATE ON Key Distribution
  • DO Use Public Protocols
  • DO NOT Roll-your-own Protocol
  • CONCENTRATE ON Key Management
  • DO Use Secure PRNG for Keys
  • DO NOT Roll-your-own PRNG OR Use a non-secure PRNG
  • DO Use a Secure Implementation
  • DO NOT Implement your own
  • DO Use Recommended Cipher Suites
  • DO NOT Use Bad, Weak, or Null Suites
  • DO Use Slow Algorithms and Salt Secret Hashes
  • DO NOT Hash Secrets with simple or fast hashes

Security.ac.nz -- @secvalve - -81